# Unused Global Middleware Analyzer
Category | Severity | Time To Fix |
---|---|---|
🚀 Performance | Minor | 5 minutes |
Class: Enlightn\Enlightn\Analyzers\Performance\UnusedGlobalMiddlewareAnalyzer
# Introduction
Laravel has almost everything built-in. But sometimes, we fall into the trap of just using the Laravel skeleton code rather than cleaning it up for your specific application.
This analyzer checks to see if there are any "unused" global middleware classes lying around in your App\Http\Kernel
class. The boilerplate middleware classes it checks includes:
- HandleCors: If your application does not use CORS (your
cors.paths
configuration is an empty array), then this middleware is flagged as unused. - TrustProxies: If your application does not configure trusted proxies (using the
trustedproxy.proxies
configuration), then this middleware is flagged as unused. - TrustHosts: If your application does not use setup trusted proxies, then you do not need to setup trusted hosts either (as long as your web server is configured in a secure manner) and this middleware is flagged as unused. In case, you do not have access or control over your web server configuration, you may need this middleware even if you do not use trusted proxies. In this case, you may ignore this analyzer.
# How To Fix
To fix this issue, simply remove all the unused global middleware from your App\Http\Kernel
class.
If you are using Laravel 11+, make sure to adjust your global middleware stack (opens new window) in your bootstrap/app.php
file.